Security news that informs and inspires

All Articles

2349 articles:

To Combat Zero Day Variants, ‘We Need Comprehensive Fixes’

At least half of the zero days exploited in the wild in 2022 are variants of previously fixed bugs, Google data shows.

Google, Zero Day

ZuoRAT Malware Found Hitting Home Routers

A new piece of malware called ZuoRAT, based on the Mirai code, is hitting SOHO routers and performing DNS and HTTP hijacking.

Malware, China

U.S. Gov Agencies Face Looming Microsoft Exchange Online Modern Auth Deadline

New guidance urges U.S. government agencies to expedite the switch to Modern Auth in Exchange Online ahead of Microsoft's Oct. 1 deadline.

Microsoft

Q&A: Dinah Davis

Dinah Davis, VP of research and development operations at Arctic Wolf, discusses the challenges facing the cybersecurity industry when it comes to diversity and amplifying the voices of women.

Women in Tech, Women in Security

AstraLocker Ransomware Spread in ‘Smash and Grab’ Attacks

A new variant of AstraLocker, found being deployed directly in Microsoft Office attachments, reflects a focus by attackers on making a big impact and getting a quick payout.

Ransomware

Decipher Podcast: John Hultquist

John Hultquist, VP of Mandiant Intelligence, talks about new Mandiant research that exposes a Chinese information operation campaign targeting U.S., Canadian and Australian rare earths mining companies.

Podcast

Bringing Ransomware Infrastructure Into the Light

Researchers from Cisco Talos were able to de-anonymize the infrastructure used by several ransomware groups, including Quantum, Snatch, and DarkAngels.

Ransomware

Emotet Office Macros Abuse Continues Despite Microsoft Protections

Researchers found hundreds of malicious Office documents being used to download Emotet in June.

Emotet

Remote Memory Corruption Bug Found in OpenSSL 3.0.4

A remotely exploitable memory corruption bug has been identified in OpenSSL 3.0.4 on x64 systems with the AVX512 instruction set.

OpenSSL

Decipher Podcast: Source Code 6/24

This week's Source Code podcast by Decipher takes a look behind the scenes at top news with input from our sources.

Podcast, Source Code

Chinese Threat Actor Uses Ransomware as a ‘Smokescreen’ For Espionage

Researchers say evidence points to China-based Bronze Starlight using five different ransomware families as a method to disguise its actual goal of espionage.

China, Ransomware

APT Groups Still Exploiting Log4Shell in VMware Products

APT teams are still exploiting the Log4Shell flaw in VMware Horizon and Unified Access Gateway, six months after the initial disclosure.

Log4j, CISA

Russian Actors Focus on Confluence Flaw

The majority of exploitation attempts against the recent Atlassian Confluence bug (CVE-2022-36134) are coming from Russia.

Atlassian

BEC Actors Diverge From Traditional Attacks

Business email compromise (BEC) groups are relying more heavily on attacks that impersonate third-party vendors or suppliers, as opposed to traditional attacks that mimicked executives.

Business Email Compromise

AvosLocker Ransomware Deployed in Log4Shell Attack

An AvosLocker ransomware attack exploited the Log4j bug in VMware Horizon servers.

Ransomware